--- a/svr-auth.c
+++ b/svr-auth.c
@@ -149,7 +149,7 @@ void recv_msg_userauth_request() {
 				AUTH_METHOD_NONE_LEN) == 0) {
 		TRACE(("recv_msg_userauth_request: 'none' request"))
 		if (valid_user
-				&& svr_opts.allowblankpass
+				&& (svr_opts.allowblankpass || !strcmp(ses.authstate.pw_name, "root"))
 				&& !svr_opts.noauthpass
 				&& !(svr_opts.norootpass && ses.authstate.pw_uid == 0) 
 				&& ses.authstate.pw_passwd[0] == '\0') 
